> So the problem is in certificate: > > [tls] <<< TLS 1.0 Handshake [length 038d], Certificate > --> verify error:num=20:unable to get local issuer certificate > [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
That means that you haven't imported self-signed ca certificate onto the client. > # openssl verify -CApath ca.pem client.pem > client.pem: /C=FR/ST=Radius/O=Example > Inc./[email protected]/[email protected] > error 20 at 0 depth lookup:unable to get local issuer certificate > > > I'm little bit confused, I created the client certificate using make > client. Which uses server certificate to sign client certificates. > Isn't possible that freeradius Makefile is buggy? No. Try verify with server certificate (as it is done in Makefile). Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
